Archives for NSA

NSA Device – TOTEGHOSTLY 2.0

(TS//SI//REL) TOTEGHOSTLY 2.0 is a STRAITBIZARRE-based implant for the Windows Mobile embedded operating system and uses the CHIMNEYPOOL framework. TOTEGHOSTLY 2.0 is compliant with the FREEFLOW project, therefore it is supported in the TURBULENCE architecture.

(TS//SI//REL) TOTEGHOSTLY 2.0 is a software implant for the Windows Mobile operating system that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection.

Categories: Information Technology, IT Security, and Preston Hood.

NSA Device – TOTECHASER

(TS//SI//REL) TOTECHASER is a Windows CE implant targeting the Thuraya 2520 handset. The Thuraya is a dual mode phone that can operate either in SAT or GSM modes. The phone also supports a GPRS data connection for Web browsing, e-mail, and MMS messages. The initial software implant capabilities include providing GPS and GSM geo-location information. Call log, contact list, and other user information can also be retrieved from the phone. Additional capabilities are being investigated.

(TS//SI//REL) TOTECHASER will use SMS messaging for the command, control, and data exfiltration path. The initial capability will use covert SMS messages to communicate with

NSA Device – TAWDRYYARD

(TS//SI//REL TO USA,FVEY) Beacon RF retro-reflector. Provides return when illuminated with radar to provide rough positional location.

(U) Capabilities

(TS//SI//REL TO USA,FVEY) TAWDRYYARD is used as a beacon, typically to assist in locating and identifying deployed RAGEMASTER units. Current design allows it to be detected and located quite easily within a 50′ radius of the radar system being used to illuminate it. TAWDRYYARD draws 8 µA at 2.5 V (20 µW), allowing a standard lithium coin cell to power it for months or years. The simplicity of the design allows the form factor to be tailored for specific operational requirements. Future

NSA Device – SWAP

(TS//SI//REL) SWAP provides software application persistence by exploiting the motherboard BIOS and the hard drive’s Host Protected Area to gain periodic execution before the Operating System loads.

(TS//SI//REL) This technique supports single or multi-processor systems running Windows, Linux, FreeBSD, or Solaris with the following file systems: FAT32, NTFS, EXT2, EXT3, or UFS1.0.

(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS and TWISTEDKILT to write the Host Protected Area on the hard drive on a target machine in order to implant SWAP and its payload (the implant installer). Once implanted, SWAP’s frequency of execution (dropping the

NSA Device – SURLYSPAWN

(TS//SI//REL TO USA,FVEY) Data RF retro-reflector. Provides return modulated with target data (keyboard, low data rate digital device) when illuminated with radar.

(U) Capabilities

(TS//SI//REL TO USA,FVEY) SURLYSPAWN has the capability to gather keystrokes without requiring any software running on the targeted system. It also only requires that the targeted system be touched once. The retro-reflector is compatible with both USB and PS/2 keyboards. The simplicity of the design allows the form factor to be tailored for specific operational requirements. Future capabilities will include laptop keyboards.

(U) Concept of Operation

(TS//SI//REL TO USA,FVEY) The board taps into the data line

NSA Device – SPARROW-II

(TS//SI//REL) An embedded computer system running BLINDDATE tools. Sparrow II is a fully functional WLAN collection system with integrated Mini PCI slots for added functionality such as GPS and multiple Wireless Network Interface Cards.

(U//FOUO) System Specs
• Processor: IBM Power PC 405GPR
• Memory: 64MB (SDRAM), 16MB (FLASH)
• Expansion: Mini PCI (Up to 4 devices) supports USB, Compact Flash, and 802.11 B/G
• OS: Linux (2.4 Kernel)
• Application SW: BLINDDATE
• Battery Time: At least two hours

(TS//SI//REL) The Sparrow II is a capable option for deployment where small size, minimal weight and reduced power consumption are required. PCI devices can be connected

NSA Device – SOUFFLETROUGH

(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 firewalls. It persists DNT’s BANANAGLEE software implant. SOUFFLETROUGH also has an advanced persistent back-door capability.

(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 series firewalls (320M, 350M, 520, 550, 520M, 550M). It persists DNT’s BANANAGLEE software implant and modifies the Juniper firewall’s operating system (ScreenOS) at boot time. If BANANAGLEE support is not available for the booting operating system, it can install a Persistent Backdoor (PBD) designed to work with BANANAGLEE’s communications structure, so that full access can be reacquired

NSA Device – SIERRAMONTANA

(TS//SI//REL) SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system — including physically replacing the router’s compact flash card.

(TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process on the target operating system. The vector of attack is the modification of the target’s BIOS. The modification will add the necessary software to the BIOS and modify its software to execute the SCHOOLMONTANA implant at the end of its native System Management Mode (SMM) handler.

(TS//SI//REL) SCHOOLMONTANA must support all modern versions

NSA Device – SCHOOLMONTANA

(TS//SI//REL) SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system — including physically replacing the router’s compact flash card.

(TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process on the target operating system. The vector of attack is the modification of the target’s BIOS. The modification will add the necessary software to the BIOS and modify its software to execute the SCHOOLMONTANA implant at the end of its native System Management Mode (SMM) handler.

(TS//SI//REL) SCHOOLMONTANA must support all modern versions

NSA Device – PHOTOANGLO

(TS//SI//REL TO USA,FVEY) PHOTOANGLO is a joint NSA/GCHQ project to develop a new radar system to take the place of the CTX4000.

(U) Capabilities

(TS//SI//REL TO USA,FVEY) The planned capabilities for this system are:
• Frequency range: 1 – 2 GHz, which will be later extended to 1 – 4 GHz
• Maximum bandwidth: 450 MHz.
• Size: Small enough to fit into a slim briefcase.
• Weight: Less than 10 lbs.
• Maximum Output Power: 2W
• Output:
  • Video
  • Transmit antenna
• Inputs:
  • External oscillator
  • Receive antenna

(U) Concept of Operation

(TS//SI//REL TO USA,FVEY) TS//SI//REL